APT-C-60 has launched a targeted campaign against recruitment professionals, using VHDX virtual disk files to deliver its payloads. The threat actors pose as job seekers and send spear-phishing emails to recruitment staff, abusing the trust a recruiter extends to an applicant's attachments, which raises the odds that the lure is opened. JPCERT analysts found that the campaign focused on East Asia, notably Japan, between June and August 2025.
Infection begins when the victim opens the malicious VHDX file, which Windows mounts as a drive, and then runs an LNK shortcut stored inside it. The shortcut starts a multi-stage chain that ends in information-stealing malware, with GitHub and other legitimate services abused for command-and-control so that the traffic is harder to tell apart from ordinary web activity. The payloads are protected by layered encoding, XOR obfuscation as well as AES encryption, which slows static analysis. Each compromised machine is identified to the operators so they can keep track of it, and persistence is established through COM hijacking, so the malware is executed automatically whenever the hijacked COM class is instantiated.
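The COM hijacking mentioned above relies on standard Windows behaviour: a COM class registered under the user's hive (HKCU\Software\Classes\CLSID) takes precedence over the machine-wide registration in HKLM, so whenever a process instantiates that class the attacker's DLL or EXE is loaded instead of the real one. The following PowerShell is an added example for hunting that pattern on a host; it is not code from the article or from JPCERT's analysis, and the registry paths and the list of user-writable directories are ordinary Windows defaults, not indicators taken from this campaign.

```powershell
# Added example (not from the article or JPCERT): hunt for COM hijacking persistence.
# A CLSID under HKCU\Software\Classes\CLSID shadows the same CLSID under HKLM, so a
# malicious InprocServer32 (DLL) or LocalServer32 (EXE) registered there is loaded
# instead of the legitimate server. Assumption: run on the Windows host under triage,
# in the context of the user whose hive should be inspected.

$userClsidRoot    = 'HKCU:\Software\Classes\CLSID'
$machineClsidRoot = 'HKLM:\Software\Classes\CLSID'

# Directories a standard user can write to; a COM server living here deserves a closer look.
$userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ }

function Get-ComServerPath {
    # $ClsidKeyName is the full key name, e.g. HKEY_CURRENT_USER\Software\Classes\CLSID\{...}
    param([Parameter(Mandatory)][string]$ClsidKeyName)
    # The server binary is the default value of InprocServer32 (DLL) or LocalServer32 (EXE).
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $key = "Registry::$ClsidKeyName\$sub"
        if (Test-Path -LiteralPath $key) {
            $default = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
            if ($default) {
                $raw = $default.Trim()
                # LocalServer32 values may be quoted and carry arguments: keep only the binary.
                if ($raw.StartsWith('"')) {
                    $end = $raw.IndexOf('"', 1)
                    if ($end -gt 1) { $raw = $raw.Substring(1, $end - 1) }
                }
                # Expand %VAR% references before any path comparison.
                $path = [Environment]::ExpandEnvironmentVariables($raw)
                return [pscustomobject]@{ Kind = $sub; Path = $path }
            }
        }
    }
    return $null
}

function Test-UserWritable {
    param([string]$Path)
    foreach ($root in $userWritableRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

$findings = foreach ($clsidKey in Get-ChildItem -Path $userClsidRoot -ErrorAction SilentlyContinue) {
    $server = Get-ComServerPath -ClsidKeyName $clsidKey.Name
    if (-not $server) { continue }
    $clsid = $clsidKey.PSChildName
    [pscustomobject]@{
        CLSID        = $clsid
        Kind         = $server.Kind
        Path         = $server.Path
        # A matching HKLM entry means the per-user key shadows a machine-wide registration.
        ShadowsHKLM  = Test-Path -LiteralPath (Join-Path $machineClsidRoot $clsid)
        InUserDir    = Test-UserWritable -Path $server.Path
        BinaryExists = Test-Path -LiteralPath $server.Path
    }
}

# Entries that both shadow a machine-wide CLSID and load from a user-writable directory
# come first; review the rest by hand, since some software legitimately registers per user.
$findings |
    Sort-Object -Property ShadowsHKLM, InUserDir -Descending |
    Format-Table -AutoSize
```

Run it as the user under investigation; each account has its own HKCU hive, and other users' hives appear under HKU once loaded. Because some legitimate software registers COM servers per user, treat a hit as a lead to triage (path, code signature and creation time of the server binary) rather than as proof of compromise.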
👉 Read the original: Cyber Security News